Like most people, I check my emails in the morning and wade through a combination of work requests, spam, and news alerts scouring my inbox.
But yesterday brought something different and deeply disturbing. I saw a warning from the US Cybersecurity and Infrastructure Security Agency (CISA) about some very devious ones malware that was contaminated a network of computers.
The malware in question is Snake, a cyber-espionage tool that has been used by Russia’s Federal Security Service for about 20 years.
According to CISA, the Snake Implant is the “most advanced cyber-espionage tool designed and used by Center 16 of the Russian Federal Security Service for long-term intelligence gathering on sensitive targets.”
The creeping snake
The Russian Federal Security Service developed the Snake network in 2003 to operate worldwide Cyber espionage operations against NATO, corporations, research institutions, media organizations, financial services, government agencies and more.
So far, it has been detected on Windows, Linux, and macOS computers in more than 50 countries, including Australia.
Elite Russian cyber-espionage teams place the malware on a target’s computer, copy sensitive information, and then send it to Russia. It’s a simple concept wrapped in a masterful engineering design.
Since its inception, Russian cyber spies have regularly upgraded the Snake malware to avoid detection. The current version is crafty in how it persistent evades detection and protects itself.
In addition, the Snake network can disrupt critical industrial control systems that manage our buildings, hospitals, energy systems, water and wastewater systems, among other things – so the risks went beyond intelligence gathering.
There are warnings that in a few years, bad actors could be given the opportunity to hijack critical Australian infrastructure and cause unprecedented damage by intervening with physical operations.
Snake hunt
On May 9, the US Department of Justice announced the Federal Bureau of Investigation had finally disrupted the global Snake peer-to-peer network from infected computers.
The secret network allowed infected computers to collect sensitive information. The Snake malware then disguised the sensitive information via advanced encryptionand sent it to the spymasters.
Because the Snake malware custom communication protocols, his covert operations went unnoticed for decades. You can think of custom protocols as a way to send information so that it can go unnoticed.
However, with the Russian war in Ukraine and the increase in cybersecurity activity in recent years, the FBI has stepped up its monitoring of Russian cyberthreats.
Although the Snake malware is an elegantly designed piece of code, it is complex and must be deployed precisely to avoid detection. According to the Justice Department press release, in more than a few cases, Russian cyber spies were careless and did not deploy it as intended.
As a result, the Americans discovered Snake and devised a response.
Snake bites
The FBI has received a court order to do so Dismantle hose as part of an operation codenamed MEDUSA.
They developed a tool called PERSEUS that causes the Snake malware to expand itself and stop further infection of other computers. The PERSEUS tool and instructions are freely available to guide detection, patching and recovery.
The Ministry of Justice advises that PERSEUS only stops this malware on computers that are already infected; it does not patch Find and remove vulnerabilities on other computers or other malware.
Despite the Snake network being disrupted, the department issued a warning vulnerabilities may still exist for users, and they must follow safely cybersecurity hygiene practices.
Snake bite treatment
Fortunately, effective cybersecurity hygiene is not too complicated. Microsoft has identified five activities that protect against 98% of cybersecurity attacks, whether at home or at work.
-
Enable multifactor authentication for all your online accounts and apps. This sign-up process requires multiple steps, such as entering your password, followed by a code sent to you via text message, or even a biometric fingerprint or secret question (drums favorite? Ringo!).
-
Apply the “zero trust” principles. It is a best practice to authenticate, authorize and continuously validate all system users (internal and external) to ensure they have the right to use the systems. The zero trust approach should be applied whether you use computer systems at work or at home.
-
Use modern anti-malware programs. Antimalware, also known as antivirus software, protects and removes malware from our systems, big and small.
-
Stay up to date. Regular system and software updates not only help keep new applications safe, but also fix vulnerable parts of your system.
-
Protect your data. Make a copy of your important data, whether it is a physical printout or on an external device that is disconnected from your network, such as an external drive or USB.
Like most Australians, I have been the victim of a cyber-attack. And among the recent optus data breach and the Woolworths MyDeal And Medibank attacks, people are starting to realize how serious the consequences of these events can be.
We can expect that malicious cyber attacks will increase in the future and their impact will only increase. The Snake malware is a sophisticated piece of software that raises another concern. But in this case, we have the antidote and can protect ourselves by proactively following the steps above.
If you are concerned about the Snake malware, you can read more hereor speak to the fine folks at your IT service desk.
Read more: Holding the world to ransom: The top 5 most dangerous criminal organizations currently online
